On April 11, 2019, US-CERT published Vulnerability Note VU#192371, reporting that multiple Virtual Private Network (VPN) applications store authentication and/or session cookies insecurely in memory and/or in log files.
None of the Sophos VPN clients log, or otherwise expose, session cookies to non-administrative users.
If an attacker were to gain access to a session cookie, they could replay the session and bypass other authentication methods, as if they held the correct password. In the case of all Sophos VPN clients, authentication information is kept in memory and may therefore be accessible to local administrator users, who are capable of directly examining process memory.
Without two-factor authentication (2FA), an attacker would then have access to the same applications that the user does through their VPN session. However, in 2FA configurations the second authentication factor is not held in memory, which protects against this type of attack.
Please see the KBA below for more details.
Sophos response to VU#192371 VPN applications insecurely store session cookies